mod_proxy_ajp would return the wrong status code if it encountered anerror, causing a backend server to be put into an error state until theretry timeout expired. A remote attacker could send malicious requeststo trigger this issue, resulting in denial of service.

CVE-2010-0434

A flaw in the core subrequest process code was found, which could leadto a daemon crash (segfault) or disclosure of sensitive informationif the headers of a subrequest were modified by modules such asmod_headers.

For the stable distribution (lenny), these problems have been fixed inversion 2.2.9-10+lenny7.

For the testing distribution (squeeze) and the unstable distribution(sid), these problems have been fixed in version 2.2.15-1.

This advisory also provides updated apache2-mpm-itk packages whichhave been recompiled against the new apache2 packages.

We recommend that you upgrade your apache2 and apache2-mpm-itk packages.

Upgrade instructions- --------------------

wget url will fetch the file for youdpkg -i file.deb will install the referenced file.

If you are using the apt-get package manager, use the line forsources.list as given below: